Solidsoft Reply Ltd

Solutions Partner for Digital & Application Innovation (Azure)

As a Solutions Partner for Data & AI, Solidsoft can help customers manage their data across multiple systems building a data platform to allow successful business solutions to be provided driving the organisation forward.

Features

• Expert Microsoft Azure Data Platform Design and Delivery
• Analyzing existing workloads, generating schemas, performing extract, transform, load
• Analyzing existing workloads, generating schemas, performing extract, transform, load
• Delivery of Azure SQL Server, Azure Data Warehouse, Azure Synapse
• Data Migration to cloud-based data warehouses enabling cloud-based analytics solutions
• Delivering tailored analytics solutions using Azure Synapse Analytics
• Enabling customer adoption of Al and implementing Azure AI solutions

Benefits

• Cost optimised Azure usage

£800 to £1,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.james@reply.eu. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

507352799167166

Contact

Andy James
+44 1256 375700
a.james@reply.eu

Service scope

• Service constraints: Only pertains to Microsoft Azure
• System requirements: Azure Subscription

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The response times are within 1 business hour. Service Desk (Core Hours) 9am – 5pm 5 days per week, Monday to Friday (excluding English Public Holidays) Response times outside of these hours is next business day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Solidsoft Reply provide a bespoke approach to on site support levels. ; ; Standard remote support service coverage is as follows:; Service Desk (Core Hours) 9am – 5pm 5 days per week, Monday to Friday (excluding English Public Holidays); Out of Hours Support 8am - 9am, 5pm - 8pm 5 days per week, Monday to Friday (excluding English Public Holidays); Optional Public Holiday Coverage Should this option be chosen, Solidsoft Reply; will provide 24-hour support for all English public holidays that fall within the term of the agreement.; Optional 24 x 7 Managed Service Should this option be chosen, Solidsoft Reply will provide 24-hour support for High/Medium/Low Priority Incidents as determined in the agreement.; Optional Technical Design Authority consultant can be offered within the terms of the Managed Service agreement.; Managed Service Pricing is determined by the individual customer requirement based on the options detailed above.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training + user documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Using any of the interfaces provided
• End-of-contract process: N/A

Using the service

• Web browser interface: Yes
• Using the web interface: All features avaialble
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Microsoft provided
• API: Yes
• What users can and can't do using the API: All features
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: All features available

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: By design of the service
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: FIPS assured encryption
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Data
  • Databases
  • Virtual machines
• Backup controls: Using one of the interfaces provided
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99, assured by contractual commitment
• Approach to resilience: Datacentre location: EU, assured by contractual commitment ; Data management location: EU, assured by contractual commitment ; Legal jurisdiction of service provider: EU, assured by contractual commitment ; Datacentre protection: Yes, assured by independent validation of assertion ; Data-at-rest protection: FIPS-assured encryption, assured by independent testing of implementation ; Secure data deletion: Other secure erasure process, assured by independent validation of assertion ; Storage media disposal: Other secure erasure process, assured by independent validation of assertion ; Secure equipment disposal: Yes, assured by independent validation of assertion ; Redundant equipment accounts revoked: Yes, assured by independent validation of assertion ; Service availability: 99.99, assured by contractual commitment
• Outage reporting: Outage reporting is by a public dashboard, an API and email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All accounts for the Microsoft Azure Cloud subscription to be operated on a Roles based approach ensuring access I restricted to only those who require it.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 28/03/17
• What the ISO/IEC 27001 doesn’t cover: All covered
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: QMS
• ISO 28000:2007 accreditation date: 28/03/17
• What the ISO 28000:2007 doesn’t cover: All covered
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: UK PGA Accreditation

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As per the Solidsoft Reply Information and security policy produced and audited in conjunction with ISO 27001 and ISO 9001 guidance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration and change management is controlled by our ISO 9001 assured Quality Management System Standard Operating Policies.; ; For more information the Change Management and Configuration Management SOPs can be provided.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is controlled by our ISO 9001 assured Quality Management System Standard Operating Policies. Microsoft Azure is protected by Microsoft accredited vulnerability processes
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Provided as part of the Microsoft Azure cloud.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is controlled by our ISO 9001 assured Quality Management System Standard Operating Policies and based on ITIL 3 approach. For more information the Incident Management SOP can be provided.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Cloud deployment model is Public cloud assured by contractual commitment.; Services separation is assured by intendant testing.; Services management separation is assured by intendant testing.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft is committed to driving innovation that helps people and organizations improve the environment. We achieved carbon neutrality in 2014 and have met our goal of averaging 1.125 power usage effectiveness (PUE) for any new datacenter—exceeding the industry average by more than 30 percent.

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to managing our business activities while paying close attention to environmental issues in order to respect the legacy of future generations. We have implemented new ways to reduce the footprint of our operations and generate long-term financial growth, while living up to environmental and social expectations. We seek a positive balance by reducing our energy needs, diminishing waste and also creating sustainable innovation.
• Covid-19 recovery:

  Covid-19 recovery

  The group is involved in Covid-19 recovery in many different ways not least helping our customers improve their working practises and systems. Internally as part of our back to work Reply has introduced a new Hybrid Work scheme - Optimise - across all companies and regions. Finally, a number of companies have been directly involved in supporting COVID-19 related initiatives.
• Tackling economic inequality:

  Tackling economic inequality

  As a group - Reply has invested in a number of key technical innovation projects targeted at tackling economic inequality including driving the essential connection between technology and sustainability, precision agriculture and the future of farming, and driving economic planning.
• Equal opportunity:

  Equal opportunity

  We work towards ensuring a diverse, inclusive and rewarding workplace. Our focus is on the group as well as the individuals and their empowerment with cutting-edge tools and continuous learning. Making everyone feel equally involved and supported results in great everyday experiences and fuels innovation. Diversity strengthens our teams. Transparency, honesty, ethics and diversity allow us to discover unique ways of collaborating. The management and optimisation of the Reply Group's human capital is achieved through integration and respect of equal opportunities and diversity. Our people represent essential bastions for idea and process innovation, and for addressing and managing market challenges in the best way.
• Wellbeing:

  Wellbeing

  All employees are supported for Wellbeing and recovery with a number of group lead initiatives covering Understanding Stress, Mindfulness & Responding and Wellbeing. From the Wellbeing viewpoint we look at 5 key points: ; -Career: What they like to do each day ; -Social: The meaningful relationships in life ; -Financial: How to mange money well ; -Community: Where they like to live ; -Physical: The energy to get things done ; ; The programme is supported by seminars, sessions and on-line information. Plus in the UK a full time Wellbeing coach is available.

Pricing

• Price: £800 to £1,200 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.james@reply.eu. Tell them what format you need. It will help if you say what assistive technology you use.